Re: [PATCH v40 19/24] x86/vdso: Implement a vDSO for Intel SGX enclave call

From: Jethro Beekman
Date: Sun Nov 08 2020 - 15:20:59 EST

Next message: Paul Gortmaker: "Re: [PATCH 0/4] RFC: support for global CPU list abbreviations"
Previous message: Ard Biesheuvel: "Re: [PATCH 2/2] arm: lib: xor-neon: disable clang vectorization"
In reply to: Dave Hansen: "Re: [PATCH v40 19/24] x86/vdso: Implement a vDSO for Intel SGX enclave call"
Next in thread: Dave Hansen: "Re: [PATCH v40 19/24] x86/vdso: Implement a vDSO for Intel SGX enclave call"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2020-11-04 15:54, Jarkko Sakkinen wrote:
> From: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
>
> Enclaves encounter exceptions for lots of reasons: everything from enclave
> page faults to NULL pointer dereferences, to system calls that must be
> “proxied” to the kernel from outside the enclave.
>
> In addition to the code contained inside an enclave, there is also
> supporting code outside the enclave called an “SGX runtime”, which is
> virtually always implemented inside a shared library. The runtime helps
> build the enclave and handles things like *re*building the enclave if it
> got destroyed by something like a suspend/resume cycle.
>
> The rebuilding has traditionally been handled in SIGSEGV handlers,
> registered by the library. But, being process-wide, shared state, signal
> handling and shared libraries do not mix well.
>
> Introduce a vDSO function call that wraps the enclave entry functions
> (EENTER/ERESUME functions of the ENCLU instruciton) and returns information
> about any exceptions to the caller in the SGX runtime.
>
> Instead of generating a signal, the kernel places exception information in
> RDI, RSI and RDX. The kernel-provided userspace portion of the vDSO handler
> will place this information in a user-provided buffer or trigger a
> user-provided callback at the time of the exception.
>
> The vDSO function calling convention uses the standard RDI RSI, RDX, RCX,
> R8 and R9 registers. This makes it possible to declare the vDSO as a C
> prototype, but other than that there is no specific support for SystemV
> ABI. Things like storing XSAVE are the responsibility of the enclave and
> the runtime.

I suppose this may be covered under "no specific support for SystemV ABI" but with sgx_enclave_run.user_handler=NULL, R12~R15 *will* get clobbered when __vdso_sgx_enter_enclave returns from an SGX AEX. IMO this makes the whole "try to be like System V ABI" rather useless, but I suppose it doesn't matter too much.

--
Jethro Beekman | Fortanix

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Next message: Paul Gortmaker: "Re: [PATCH 0/4] RFC: support for global CPU list abbreviations"
Previous message: Ard Biesheuvel: "Re: [PATCH 2/2] arm: lib: xor-neon: disable clang vectorization"
In reply to: Dave Hansen: "Re: [PATCH v40 19/24] x86/vdso: Implement a vDSO for Intel SGX enclave call"
Next in thread: Dave Hansen: "Re: [PATCH v40 19/24] x86/vdso: Implement a vDSO for Intel SGX enclave call"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]